Data Sanitization Techniques
|
|
- Gwenda Fitzgerald
- 8 years ago
- Views:
Transcription
1 Abstract Data Sanitization is the process of making sensitive information in non-production databases safe for wider visibility. This White Paper is an overview of various techniques which can be used to sanitize sensitive production data in test and development databases. An initial discussion of the primary motivations for data sanitization is given. The remainder of the paper is devoted to a generic survey of the various masking techniques and their individual benefits and drawbacks. Some keywords which may assist you in finding this document online are: Data Sanitization, Data Sanitisation, Data Masking, Data Obfuscation, Data Security, Data Cleansing, Data Hiding, Data Protection Act 1998, Hide Data, Disguise Data, Sanitize Data, Sanitise Data, Gramm-Leach-Bliley Act (GLBA), Data Privacy, Directive 95/46/EC of the European Parliament Author: Dale Edgar Net 2000 Ltd. Dale.Edgar@Net2000Ltd.com
2 Table of Contents Why Sanitize Information in Test and Development Databases?...1 Protecting Valuable Information...1 Legal Obligations...1 Data Sanitization Techniques...2 Technique: NULL ing Out...2 Technique: Masking Data...2 Technique: Substitution...3 Technique: Shuffling Records...4 Technique: Number Variance...4 Technique: Gibberish Generation...4 Technique: Encryption/Decryption...5 Summary...6
3 Data Sanitization Techniques Data Sanitization is the process of disguising sensitive information in test and development databases by overwriting it with realistic looking but false data of a similar type. Why Sanitize Information in Test and Development Databases? The data in testing environments should be sanitized in order to protect valuable business information and also because there is, in most countries, a legal obligation to do so. Protecting Valuable Information Fundamentally there are two types of security. The first type is concerned with the integrity of the data. In this case the modification of the records is strictly controlled. For example, you may not wish an account to be credited or debited without specific controls and auditing. This type of security is not a major concern in test and development databases. The data can be modified at will without any business impact. The second type of security is the protection of the information content from inappropriate visibility. Names, addresses, phone numbers and credit card details are good examples of this type of data. Unlike the protection from updates, this type of security requires that access to the information content is controlled in every environment. Legal Obligations The legal requirements for Data Sanitization vary from country to country and most countries now have regulations of some form. Here are some examples: United States The Gramm-Leach-Bliley Act requires institutions to protect the confidentiality and integrity of personal consumer information. The Right to Financial Privacy Act of 1978 creates statutory Fourth Amendment protection for financial records and there are a host of individual state laws The European Union Directive 95/46/EC of the European Parliament which provides strict guidelines regarding individual rights to data privacy, and the responsibilities of data holders to guard against misuse.
4 The United Kingdom The United Kingdom Data Protection Act of 1998 extends the European Parliament directive and places further statutory obligations on the holders of personal, private or sensitive data. As with most things legal, the details are open to argument. In reality though, if data for which your organization is responsible gets loose and appropriate steps were not taken to prevent that release, then your organizations lawyers could well find themselves in court trying to put their best spin on the matter. However large the legal liabilities are, they could seem trivial in comparison to the losses associated with the catastrophic loss of business confidence caused by a large scale privacy breach. Any organization that outsources test and development operations needs to be very conscious of the specific laws regulating the transmission of information across national borders. Data Sanitization Techniques Test and development teams need to work with databases which are structurally correct functional copies of the live environments. However, they do not necessarily need to be able to view security sensitive information. For test and development purposes, as long as the data looks real, the actual record content is usually irrelevant. There are a variety of Data Sanitization techniques available the pro s and con s of some of the most useful are discussed below. Technique: NULL ing Out Simply deleting a column of data by replacing it with NULL values is an effective way of ensuring that it is not inappropriately visible in test environments. Unfortunately it is also one of the least desirable options from a test database standpoint. Usually the test teams need to work on the data or at least a realistic approximation of it. For example, it is very hard to write and test customer account maintenance forms if the customer name, address and contact details are all NULL values. Verdict: The NULL ing Out technique is useful in certain specific circumstances but rarely useful as the entire Data Sanitization strategy. Technique: Masking Data Masking data means replacing certain fields with a Mask character (such as an X). This effectively disguises the data content while preserving the same formatting on front end screens and reports. For example, a column of credit card numbers might look like:
5 and after the masking operation the information would appear as: 4346 XXXX XXXX XXXX XXXX XXXX XXXX 8724 The masking characters effectively remove much of the sensitive content from the record while still preserving the look and feel. Take care to ensure that enough of the data is masked to preserve security. It would not be hard to regenerate the original credit card number from a masking operation such as: XX since the numbers are generated with a specific and well known checksum algorithm. Also care must be taken not to mask out potentially required information. A masking operation such as XXXX XXXX XXXX 5379 would strip the card issuer details from the credit card number. This may, or may not, be desirable. Verdict: If the data is in a specific, invariable format, then Masking is a powerful and fast Data Sanitization option. If numerous special cases must be dealt with then masking can be slow, extremely complex to administer and can potentially leave some data items inappropriately masked. Technique: Substitution This technique consists of randomly replacing the contents of a column of data with information that looks similar but is completely unrelated to the real details. For example, the surnames in a customer database could be sanitized by replacing the real last names with surnames drawn from a largish random list. Substitution is very effective in terms of preserving the look and feel of the existing data. The downside is that a largish store of substitutable information must be maintained for each column to be substituted. For example, to sanitize surnames by substitution, a list of random last names must be available. Then to sanitize telephone numbers, a list of phone numbers must be available. Frequently, the ability to generate known invalid data (phone numbers that will never work) is a nice-to-have feature. Substitution data can sometimes be very hard to find in large quantities. For example, if a million random street addresses are required, then just obtaining the substitution data can be a major exercise in itself. Verdict: Substitution is quite powerful, reasonably fast and preserves the look and feel of the data. Finding the required random data to substitute and developing the procedures to accomplish the substitution can be a major effort.
6 Technique: Shuffling Records Shuffling is similar to substitution except that the substitution data is derived from the column itself. Essentially the data in a column is randomly moved between rows until there is no longer any reasonable correlation with the remaining information in the row. There is a certain danger in the shuffling technique. It does not prevent people from asking questions like I wonder if so-and-so is on the supplier list? In other words, the original data is still present and sometimes meaningful questions can still be asked of it. Another consideration is the algorithm used to shuffle the data. If the shuffling method can be determined, then the data can be easily unshuffled. For example, if the shuffle algorithm simply ran down the table swapping the column data in between every group of two rows it would not take much work from an interested party to revert things to their unshuffled state. Shuffling is rarely effective when used on small amounts of data. For example, if there are only 5 rows in a table it probably will not be too difficult to figure out which of the shuffled data really belongs to which row. On the other hand, if a column of numeric data is shuffled, the sum and average of the column still work out to the same amount. This can sometimes be useful. Verdict: Shuffle rules are best used on large tables and leave the look and feel of the data intact. They are fast and relatively simple to implement since no new data needs to be found, but great care must be taken to use a sophisticated algorithm to randomise the shuffling of the rows. Technique: Number Variance The Number Variance technique is useful on numeric data. Simply put, the algorithm involves modifying each number value in a column by some random percentage of its real value. This technique has the nice advantage of providing a reasonable disguise for the numeric data while still keeping the range and distribution of values in the column within viable limits. For example, a column of sales data might have a random variance of 10% placed on it. Some values would be higher, some lower but all would be not too far from their original range. Verdict: The number variance technique is occasionally useful and can prevent attempts to correlate true records using known numeric data. This type of Data Sanitization really does need to be used in conjunction with other options though. Technique: Gibberish Generation In general, when sanitizing data, one must take great care to remove all imbedded references to the real data. For example, it is pointless to carefully remove real customer names and addresses while still leaving intact in stored copies of
7 correspondence in another table. This is especially true if the original record can be determined via a simple join on a unique key. Sanitizing formless non specific data such as letters, memos and notes is one of the hardest techniques in Data Sanitization. Usually these types of fields are just substituted with a random quantity of equivalently sized gibberish or random words. If real looking data is required, either an elaborate substitution exercise must be undertaken or a few carefully hand built examples must be judiciously substituted to provide some representative samples. Verdict: Occasionally it is useful to be able to substitute quantities of random text. Gibberish Generation is useful when needed but is not a very widely applicable technique. Technique: Encryption/Decryption This technique offers the option of leaving the data in place and visible to those with the appropriate key while remaining effectively useless to anybody without the key. This would seem to be a very good option yet, as with all techniques, it has its strengths and weaknesses. The big plus is that the real data is available to anybody with the key for example administration personnel might be able to see the personal details on their front end screens but no one else would have this capability. This optional visibility is also this techniques biggest weakness. The encryption password only needs to escape once and all of the data is compromised. Of course, you can change the key and regenerate the test instances but stored or saved copies of the data are immediately available under the old password. Encryption also destroys the formatting and look and feel of the data. Encrypted data rarely looks meaningful, in fact, it usually looks like binary data. This sometimes leads to NLS character set issues when manipulating encrypted varchar fields. Certain types of encryption impose constraints on the data format as well. For example, the Oracle Obfuscation toolkit requires that all data to be encrypted should have a length which is a multiple of 8 characters. In effect, this means that the fields must be extended with a suitable padding character which must then be stripped off at decryption time. The strength of the encryption is also an issue. Some encryption is more secure than others. According to the experts, most encryption systems can be broken it is just a matter of time and effort. In other words, not very much will keep the national security agencies of largish countries from reading your files should they choose to do so. This may not be a big worry if the requirement is to protect proprietary business information. Verdict: The security is dependent on the strength of the encryption used. It may not be suitable for high security requirements or where the encryption key cannot be secured. Encryption also destroys the look and feel of the sanitized data. The big plus is the selective access it presents.
8 Summary Given the legal and business operating environment of today, most test and development databases will require some form of Data Sanitization. There are a variety of techniques available and usually several will be required as the format, size and structure of the data dictates. One key issue not discussed above is repeatability. When designing the Data Sanitization routines it should be realized that they will eventually become a production process even if the data is only destined for test environments. In other words, the data will need to be sanitized each and every time a test database is refreshed from production. This means that Data Sanitization routines that are easy to run and simple to maintain will soon recover any extra development effort or costs. About the Author Dale Edgar in his many years of experience as a DBA has built numerous test and development environments. He is one of the creative influences behind the Data Masker - software which provides an automated solution to the sanitization of data in test and development environments. Dale can be reached at Dale.Edgar@DataMasker.com
www.niit-tech.com Lalit Mittal NIIT Technologies White Paper
www.niit-tech.com Data Masking Techniques for Insurance Lalit Mittal NIIT Technologies White Paper CONTENTS Introduction 3 What is Data Masking? 3 Types of Data Masking 4 Techniques used for Data Masking
More informationAnonymous Oracle Applications HR Data
Abstract Information in many test and development Oracle Applications HR systems must be rendered anonymous for security purposes. Such data masking helps prevent the unauthorized visibility of the data
More informationData Masking: What You Need to Know
What You Really Need To Know Before You Begin Abstract It is often necessary to anonymize data in test and development databases in order to protect it from inappropriate visibility. There are many things,
More informationData Masking for HIPAA Compliance
The Safe Harbor Method: Abstract The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule mandates the de-identification of specific types of Protected Health Information (PHI)
More informationCyber Security: Guidelines for Backing Up Information. A Non-Technical Guide
Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:
More informationA Survey on Recent Trends, Process and Development in Data Masking for Testing
A Survey on Recent Trends, Process and Development in Data Masking for Testing 535 Ravikumar G K 1,Manjunath T N 2, Ravindra S Hegadi 3,Umesh I M 4 1 Wipro Technologies, Bangalore, Karnataka, INDIA 2 Bharathiar
More informationProtecting Data in a Spooky world Data Masking Technologies DAMA RMC Oct. 29, 2014
Business Glossary Business Intelligence Data Architecture Master Data Management Protecting Data in a Spooky world Data Masking Technologies DAMA RMC Oct. 29, 2014 Aspen Information Solutions, Inc Lowell
More informationWhy Add Data Masking to Your IBM DB2 Application Environment
Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise
More informationObfuscation as a Security Measure in Cloud Computing
Obfuscation as a Security Measure in Cloud Computing Hitendra 1, Dr. Sandhya Tarar 2 School of Information & Communication Technology, Gautam Buddha University, Greater Noida, UP, India 1,2 Abstract:Encryption
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationHill s Cipher: Linear Algebra in Cryptography
Ryan Doyle Hill s Cipher: Linear Algebra in Cryptography Introduction: Since the beginning of written language, humans have wanted to share information secretly. The information could be orders from a
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationReducing Email Threats
Reducing Email Threats MyMail Solves Common Privacy and Security Email Threats MyMail Technology, LLC 2009 West Beauregard Avenue San Angelo, TX 76901 (866) 949-8572 www.mymail.com March 2008 REDUCING
More informationWhitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com
Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information
More informationDatabase design 1 The Database Design Process: Before you build the tables and other objects that will make up your system, it is important to take time to design it. A good design is the keystone to creating
More informationDBKDA 2012 : The Fourth International Conference on Advances in Databases, Knowledge, and Data Applications
Evaluation of Data Anonymization Tools Sergey Vinogradov Corporate Technology Siemens LLC Saint-Petersburg, Russia sergey.vinogradov@siemens.com Alexander Pastsyak Corporate Technology Siemens LLC Saint-Petersburg,
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationTHE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31
THE MORAY COUNCIL Guidance on data security breach management Information Assurance Group DRAFT Based on the ICO Guidance on data security breach management under the Data Protection Act 1 Document Control
More informationThe Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations
The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors
More informationClosing the data privacy gap: Protecting sensitive data in non-production environments
Enterprise Data Management Solutions February 2008 IBM Information Management software Closing the data privacy gap: Protecting sensitive data in non-production environments Page 2 Contents 2 Executive
More informationWhite Paper. Blindfolded SQL Injection
White Paper In the past few years, SQL Injection attacks have been on the rise. The increase in the number of Database based applications, combined with various publications that explain the problem and
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationDatabase Security Encryption
Database Security Encryption Jack Webb ICTN 6865 Jack Webb 2 Database Security Encryption I. Abstract The paper will cover the importance of databases and why their contents should be secure. Databases
More informationDATA PROTECTION IN DIRECT MARKETING
Document 1.1.2-1 DATA PROTECTION IN DIRECT MARKETING analysis of the legislation in direct marketing Component 1 Activity 1.1.2 Final version The content of this report is the sole responsibility of Human
More informationImproving Business for SMEs with Online Backup Improving Business for SMEs with Online Backup
Improving Business for SMEs with Online Backup www.cloudsecure.co.uk/cloudsecure 1 Accountants and Solicitors Firms Professional organisations such as accountancy and solicitors firms have an ever increasing
More informationWhitepaper. Hexaware Data Masking Solution for PeopleSoft Applications. Published on: January 2011 Author: Immanuel J. Kingsley
Published on: January 2011 Author: Immanuel J. Kingsley Hexaware Technologies. All rights reserved. Table of Contents 1. Introduction 2. Subject Clarity 3. Problem Definition Re-Statement 4. Solution Proposition
More informationGuidance on data security breach management
Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction
More informationCredit Union Code for the Protection of Personal Information
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
More informationUNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C
UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationINTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY
INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY Asst.Prof. S.N.Wandre Computer Engg. Dept. SIT,Lonavala University of Pune, snw.sit@sinhgad.edu Gitanjali Dabhade Monika Ghodake Gayatri
More informationHOW ARKIVUM USES LTFS TO PROVIDE ONLINE ARCHIVING AS A SERVICE
HOW ARKIVUM USES LTFS TO PROVIDE ONLINE ARCHIVING AS A SERVICE Dr Matthew Addis, CTO Arkivum Whitepaper LTFS data tape helps Arkivum make the difference With an ever increasing need for organisations to
More informationTerms of Service. This online privacy policy applies only to information collected through our website and not to information collected offline.
Terms of Service Privacy Policy Mahavitaran (mahadiscom) respects and protects the privacy of the individuals that access the information and use the services brought through them. Individually identifiable
More informationOracle 1Z0-528 Exam Questions & Answers
Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database
More informationTable of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3
Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What
More informationPDF security - a brief history of development
PDF security - a brief history of development Background Adobe was the first organization that set out to try and provide security controls for PDF based documents, and had their own particular views as
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationEAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationProtective security governance guidelines
Protective security governance guidelines Security of outsourced services and functions Approved 13 September 2011 Version 1.0 Commonwealth of Australia 2011 All material presented in this publication
More informationSchedule Adherence: WHITE PAPER. 7 Not- So- Best Practices and How to Make Them Better. Authored by: Rebecca Wise Girson Wise Workforce Strategies
WHITE PAPER Schedule Adherence: 7 Not- So- Best Practices and How to Make Them Better Authored by: Rebecca Wise Girson Wise Workforce Strategies Sponsored by: NICE Systems Executive Summary Many of today
More informationTERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE
TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained
More informationExam Papers Encryption Project PGP Universal Server Trial Progress Report
Exam Papers Encryption Project PGP Universal Server Trial Progress Report Introduction Using encryption for secure file storage and transfer presents a number of challenges. While the use of strong, well
More informationA Road Map to Successful Data Masking
A Road Map to Successful Data Masking Secure your production data By Huw Price, Managing Director 2 Introduction How valuable is data masking to your organisation? According to the Ponemon Institute s
More informationBlindfolded SQL Injection. Written By: Ofer Maor Amichai Shulman
Blindfolded SQL Injection Written By: Ofer Maor Amichai Shulman Table of Contents Overview...3 Identifying Injections...5 Recognizing Errors...5 Locating Errors...6 Identifying SQL Injection Vulnerable
More informationMONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationPrivacy and Encryption in egovernment. Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008
Privacy and Encryption in egovernment Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008 Privacy Regulations Health Insurance Portability and Accountability Act (HIPPA) Gramm-Leach-Bliley
More informationPRIVACY POLICY. Consent
PRIVACY POLICY car2go N.A. LLC and car2go Canada Ltd. (collectively, car2go ) recognize the importance of protecting your personal information. We take the protection of your personal information seriously
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationCanon imagerunner Hard Disk Drive Data Security Options. Data Encryption and Overwrite
Canon imagerunner Hard Disk Drive Data Security Options Data Encryption and Overwrite Canon imagerunner Hard Disk Drive Data Security Kits Powerful protection for your most important information. Canon
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationKaspersky Lab s Full Disk Encryption Technology
Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more
More informationEASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
More informationData Security Breach Management - A Guide
DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process
More informationInterim Threat / Risk Assessment. Student E- Communications Outsourcing Project
Interim Threat / Risk Assessment Student E- Communications Outsourcing Project Martin Loeffler Information Security, I+TS Creation Date: Version 1.0 June 24, 2010 Last Updated: Version 2.0 July 6, 2010
More informationJournal of Digital Forensic Practice
Journal of Digital Forensic Practice Journal of Digital Forensic Practice, 2:57 61, 2008 Copyright Taylor & Francis Group, LLC ISSN: 1556-7281 print / 1556-7346 online DOI: 10.1080/15567280801958464 UDFP
More informationLocal Government Cyber Security:
Local Government Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Elected Officials Administrative Officials Business Managers Multi-State Information Sharing and
More informationAccelerating PCI Compliance
Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016
More information4-column document Net neutrality provisions (including recitals)
4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN
More informationPineApp TM Mail Encryption Solution TM
PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationSecurity and Data Protection for Online Document Management Software
Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationReprinted with permission from the January 2004 issue of the Intellectual Property & Technology Law Journal.
Reprinted with permission from the January 2004 issue of the Intellectual Property & Technology Law Journal. Beyond the NDA: Digital Rights Management Isn t Just for Music By Adam Petravicius and Joseph
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationwww.gr8ambitionz.com
Data Base Management Systems (DBMS) Study Material (Objective Type questions with Answers) Shared by Akhil Arora Powered by www. your A to Z competitive exam guide Database Objective type questions Q.1
More informationEnhanced Model of SQL Injection Detecting and Prevention
Enhanced Model of SQL Injection Detecting and Prevention Srinivas Baggam, Assistant Professor, Department of Computer Science and Engineering, MVGR College of Engineering, Vizianagaram, India. b_srinio@yahoo.com
More informationAUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS
AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS OBJECTIVE Increase your IT vocab so that you can assess the risks related to your audits of EHRs and/or EHR related data AGENDA What
More informationon Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic:
227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:
More informationHIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Member Town Hall Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationOutsourcing and third party access
Outsourcing and third party access This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security
More informationOnce the schema has been designed, it can be implemented in the RDBMS.
2. Creating a database Designing the database schema... 1 Representing Classes, Attributes and Objects... 2 Data types... 5 Additional constraints... 6 Choosing the right fields... 7 Implementing a table
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationDO NOT DIVULGE DETAILS OF THIS MONEY TRANSFER TO A THIRD PARTY.
Disclaimers 1) If the exchange rate for your transaction was determined at the time you sent the money, the currency to be paid out and the exchange rate are listed on your receipt. Otherwise, the exchange
More informationTERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE
TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationSolution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform
More informationEffective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2
Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2 Research Student, Bharti Vidyapeeth, Pune, India sd_patil057@rediffmail.com Modern College of Engineering,
More informationGIGASOFT DATA PROTECTION LTD SERVICES AGREEMENT FOR THE SUPPLY OF DATA BACKUP
GIGASOFT DATA PROTECTION LTD SERVICES AGREEMENT FOR THE SUPPLY OF DATA BACKUP 0. DEFINITIONS 0.1 Gigasoft Data Protection Ltd (Gigasoft) a company registered in England and Wales under Reg # 05603283 whose
More informationCopyright 2014 Oracle and/or its affiliates. All rights reserved.
Oracle Data Masking and Subsetting What s new & Best Practices Dinesh Rajasekharan Product Manager Oracle Data Masking and Subsetting Oct 02, 2014 Copyright 2014, Oracle and/or its affiliates. All rights
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 TARGET READERS OF THIS DOCUMENT... 1 1.2 ORGANIZATION OF THIS DOCUMENT... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 4 2 OVERVIEW
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationMethods to increase search performance for encrypted databases
Available online at www.sciencedirect.com Procedia Economics and Finance 3 ( 2012 ) 1063 1068 Emerging Markets Queries in Finance and Business Methods to increase search performance for encrypted databases
More informationBuilding a Culture of Health Care Privacy Compliance
Building a Culture of Health Care Privacy Compliance September 10, 2014 Presented by: Gerry Hinkley, Partner, Pillsbury Greg Radinsky, VP & Chief Corporate Compliance, North Shore - LIJ Wendy Maneval,
More informationINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY AUTHOR: ANAS TAWILEH anas@tawileh.net Available online at: http://www.tawileh.net/courses/ia This work is released under a Creative Commons Attribution-ShareAlike 2.5 License
More informationAVAILABILITY SERVICES CLouD SECuRITY
AVAILABILITY SERVICES CLouD SECuRITY Buyer Be aware There is one simple but golden tenet: security in the cloud is exactly the same as security in a physical shared environment and should be approached
More informationIncident reporting procedure
Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance
More informationActorcard Prepaid Visa Card Terms & Conditions
Actorcard Prepaid Visa Card Terms & Conditions These Terms & Conditions apply to your Actorcard prepaid Visa debit card. Please read them carefully. In these Terms & Conditions: "Account" means the prepaid
More informationKovaion Data Masking Solution
Kovaion Data Masking Solution Date Email Website : Apr-2016 : info@kovaion.com : www.kovaion.com Kovaion Consulting DATA MASKING SOLUTION OVERVIEW Obfuscation of Sensitive Data Prevent data theft from
More informationTest Data Management Best Practice
Test Data Management Best Practice, Inc. 5210 Belfort Parkway, Suite 400 Author: Stephanie Chace Quality Practice Lead srchace@meridiantechnologies.net, Inc. 2011 www.meridiantechnologies.net Table of
More informationUnited States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)
for the United States Citizenship and Immigration Services (USCIS) June 22, 2007 Contact Point Harry Hopkins Office of Information Technology (OIT) (202) 272-8953 Reviewing Official Hugo Teufel III Chief
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More information